em-http-request 1.1.2 → 1.1.7

data/spec/pipelining_spec.rb

@@ -8,10 +8,10 @@ requires_connection do
       EventMachine.run do
 
         # Mongrel doesn't support pipelined requests - bah!
-        conn = EventMachine::HttpRequest.new('http://www.igvita.com/')
+        conn = EventMachine::HttpRequest.new('http://www.bing.com/')
 
         pipe1 = conn.get :keepalive => true
-        pipe2 = conn.get :path => '/archives/', :keepalive => true
+        pipe2 = conn.get :path => '/news', :keepalive => true
 
         processed = 0
         stop = proc { EM.stop if processed == 2}
@@ -36,10 +36,10 @@ requires_connection do
 
     it "should perform successful pipelined HEAD requests" do
       EventMachine.run do
-        conn = EventMachine::HttpRequest.new('http://www.igvita.com/')
+        conn = EventMachine::HttpRequest.new('http://www.bing.com/')
 
         pipe1 = conn.head :keepalive => true
-        pipe2 = conn.head :path => '/archives/', :keepalive => true
+        pipe2 = conn.head :path => '/news', :keepalive => true
 
         processed = 0
         stop = proc { EM.stop if processed == 2}

data/spec/redirect_spec.rb

@@ -362,4 +362,69 @@ describe EventMachine::HttpRequest do
     }
   end
 
+  it "should ignore query option when redirecting" do
+    EventMachine.run {
+      http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/redirect/ignore_query_option').get :redirects => 1, :query => 'ignore=1'
+      http.errback { failed(http) }
+      http.callback {
+        http.last_effective_url.to_s.should == 'http://127.0.0.1:8090/redirect/url'
+        http.redirects.should == 1
+
+        redirect_url = http.response
+        redirect_url.should == http.last_effective_url.to_s
+
+        EM.stop
+      }
+    }
+  end
+
+  it "should work with keep-alive connections with cross-origin redirect" do
+    Timeout.timeout(1) {
+      EventMachine.run {
+        response =<<-HTTP.gsub(/^ +/, '')
+          HTTP/1.1 301 MOVED PERMANENTLY
+          Location: http://127.0.0.1:8090/
+          Content-Length: 0
+
+        HTTP
+
+        stub_server = StubServer.new(:host => '127.0.0.1', :port => 8070, :keepalive => true, :response => response)
+        conn = EventMachine::HttpRequest.new('http://127.0.0.1:8070/', :inactivity_timeout => 60)
+        http = conn.get :redirects => 1, :keepalive => true
+        http.errback { failed(http) }
+        http.callback {
+          http.last_effective_url.to_s.should == 'http://127.0.0.1:8090/'
+          http.redirects.should == 1
+
+          stub_server.stop
+          EM.stop
+        }
+      }
+    }
+  end
+
+  it "should work with keep-alive connections with same-origin redirect" do
+    Timeout.timeout(1) {
+      EventMachine.run {
+        response =<<-HTTP.gsub(/^ +/, '')
+          HTTP/1.1 301 MOVED PERMANENTLY
+          Location: http://127.0.0.1:8070/
+          Content-Length: 0
+
+        HTTP
+
+        stub_server = StubServer.new(:host => '127.0.0.1', :port => 8070, :keepalive => true, :response => response)
+        conn = EventMachine::HttpRequest.new('http://127.0.0.1:8070/', :inactivity_timeout => 60)
+        http = conn.get :redirects => 1, :keepalive => true
+        http.errback { failed(http) }
+        http.callback {
+          http.last_effective_url.to_s.should == 'http://127.0.0.1:8070/'
+          http.redirects.should == 1
+
+          stub_server.stop
+          EM.stop
+        }
+      }
+    }
+  end
 end

data/spec/spec_helper.rb

@@ -0,0 +1,25 @@
+PROXY_ENV_VARS = %w[HTTP_PROXY http_proxy HTTPS_PROXY https_proxy ALL_PROXY]
+
+RSpec.configure do |config|
+  proxy_envs = {}
+
+  config.mock_with :rspec do |c|
+    c.syntax = [:should, :expect]
+  end
+  config.expect_with :rspec do |c|
+    c.syntax = [:should, :expect]
+  end
+
+  config.before :all do
+    # Back-up ENV *_PROXY vars
+    orig_proxy_envs = Hash[
+      PROXY_ENV_VARS.select {|k| ENV.key? k }.map {|k| [k, ENV.delete(k)] }
+    ]
+    proxy_envs.replace(orig_proxy_envs)
+  end
+
+  config.after :all do
+    # Restore ENV *_PROXY vars
+    ENV.update(proxy_envs)
+  end
+end

data/spec/ssl_spec.rb

@@ -3,7 +3,6 @@ require 'helper'
 requires_connection do
 
   describe EventMachine::HttpRequest do
-
     it "should initiate SSL/TLS on HTTPS connections" do
       EventMachine.run {
         http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail/').get
@@ -15,6 +14,58 @@ requires_connection do
         }
       }
     end
+
+    describe "TLS hostname verification" do
+      before do
+        @cve_warning = "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" +
+                       " CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details"
+        @orig_stderr = $stderr
+        $stderr = StringIO.new
+      end
+
+      after do
+        $stderr = @orig_stderr
+      end
+
+      it "should not warn if verify_peer is specified" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: false}}).get
+
+          http.callback {
+            $stderr.rewind
+            $stderr.string.chomp.should_not eq(@cve_warning)
+
+            EventMachine.stop
+          }
+        }
+      end
+
+      it "should not warn if verify_peer is true" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: true}}).get
+
+          http.callback {
+            $stderr.rewind
+            $stderr.string.chomp.should_not eq(@cve_warning)
+
+            EventMachine.stop
+          }
+        }
+      end
+
+      it "should warn if verify_peer is unspecified" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail').get
+
+          http.callback {
+            $stderr.rewind
+            $stderr.string.chomp.should eq(@cve_warning)
+
+            EventMachine.stop
+          }
+        }
+      end
+    end
   end
 
 end

data/spec/stallion.rb

@@ -1,6 +1,6 @@
 # #--
 # Includes portion originally Copyright (C)2008 Michael Fellinger
-# license See file LICENSE for details
+# MIT License
 # #--
 
 require 'rack'
@@ -17,7 +17,7 @@ module Stallion
 
     def match?(request)
       method = request['REQUEST_METHOD']
-      right_method = @methods.empty? or @methods.include?(method)
+      @methods.empty? or @methods.include?(method)
     end
   end
 
@@ -36,7 +36,7 @@ module Stallion
 
     def call(request, response)
       @request, @response = request, response
-      @boxes.each do |(path, methods), mount|
+      @boxes.each do |_, mount|
         if mount.match?(request)
           mount.ride
         end
@@ -96,6 +96,9 @@ Stallion.saddle :spec do |stable|
     elsif stable.request.path_info == '/echo_content_length_from_header'
       stable.response.write "content-length:#{stable.request.env["CONTENT_LENGTH"]}"
 
+    elsif stable.request.path_info == '/echo_authorization_header'
+      stable.response.write "authorization:#{stable.request.env["HTTP_AUTHORIZATION"]}"
+
     elsif stable.request.head? && stable.request.path_info == '/'
       stable.response.status = 200
 
@@ -201,6 +204,14 @@ Stallion.saddle :spec do |stable|
       stable.response.status = 301
       stable.response["Location"] = "https://host:443/"
 
+    elsif stable.request.path_info == '/redirect/ignore_query_option'
+      stable.response.status = 301
+      stable.response['Location'] = '/redirect/url'
+
+    elsif stable.request.path_info == '/redirect/url'
+      stable.response.status = 200
+      stable.response.write stable.request.url
+
     elsif stable.request.path_info == '/gzip'
       io = StringIO.new
       gzip = Zlib::GzipWriter.new(io)
@@ -227,6 +238,10 @@ Stallion.saddle :spec do |stable|
       stable.response.write deflater.finish
       stable.response["Content-Encoding"] = "deflate"
 
+    elsif stable.request.path_info == '/echo_accept_encoding'
+      stable.response.status = 200
+      stable.response.write stable.request.env["HTTP_ACCEPT_ENCODING"]
+
     elsif stable.request.env["HTTP_IF_NONE_MATCH"]
       stable.response.status = 304
 
@@ -234,7 +249,7 @@ Stallion.saddle :spec do |stable|
       stable.response.status = 200
       stable.response.write stable.request.env["HTTP_AUTHORIZATION"]
     elsif stable.request.path_info == '/authtest'
-      auth = "Basic %s" % Base64.encode64(['user', 'pass'].join(':')).split.join
+      auth = "Basic %s" % Base64.strict_encode64(['user', 'pass'].join(':')).split.join
       if auth == stable.request.env["HTTP_AUTHORIZATION"]
         stable.response.status = 200
         stable.response.write 'success'
@@ -257,7 +272,7 @@ end
 Thread.new do
   begin
     Stallion.run :Host => '127.0.0.1', :Port => 8090
-  rescue Exception => e
+  rescue => e
     print e
   end
 end

data/spec/stub_server.rb

@@ -1,5 +1,7 @@
 class StubServer
   module Server
+    attr_accessor :keepalive
+
     def receive_data(data)
       if echo?
         send_data("HTTP/1.0 200 OK\r\nContent-Length: #{data.bytesize}\r\nContent-Type: text/plain\r\n\r\n")
@@ -8,7 +10,7 @@ class StubServer
         send_data @response
       end
 
-      close_connection_after_writing
+      close_connection_after_writing unless keepalive
     end
 
     def echo= flag
@@ -31,8 +33,9 @@ class StubServer
     host = options[:host]
     port = options[:port]
     @sig = EventMachine::start_server(host, port, Server) do |server|
-      server.response = options[:response]
-      server.echo     = options[:echo]
+      server.response  = options[:response]
+      server.echo      = options[:echo]
+      server.keepalive = options[:keepalive]
     end
   end
 

metadata

@@ -1,153 +1,153 @@
 --- !ruby/object:Gem::Specification
 name: em-http-request
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.7
 platform: ruby
 authors:
 - Ilya Grigorik
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-20 00:00:00.000000000 Z
+date: 2020-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.3.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.3.4
 - !ruby/object:Gem::Dependency
   name: cookiejar
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "!="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "!="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.3.1
 - !ruby/object:Gem::Dependency
   name: em-socksify
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.3'
 - !ruby/object:Gem::Dependency
   name: eventmachine
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: http_parser.rb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.6.0
 - !ruby/object:Gem::Dependency
   name: mongrel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0.pre2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0.pre2
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: EventMachine based, async HTTP Request client
@@ -157,9 +157,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gemtest
-- .gitignore
-- .rspec
+- ".gemtest"
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Changelog.md
 - Gemfile
 - README.md
@@ -196,6 +197,7 @@ files:
 - lib/em-http/multi.rb
 - lib/em-http/request.rb
 - lib/em-http/version.rb
+- lib/em/io_streamer.rb
 - spec/client_fiber_spec.rb
 - spec/client_spec.rb
 - spec/digest_auth_spec.rb
@@ -213,6 +215,7 @@ files:
 - spec/pipelining_spec.rb
 - spec/redirect_spec.rb
 - spec/socksify_proxy_spec.rb
+- spec/spec_helper.rb
 - spec/ssl_spec.rb
 - spec/stallion.rb
 - spec/stub_server.rb
@@ -220,24 +223,23 @@ homepage: http://github.com/igrigorik/em-http-request
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: em-http-request
-rubygems_version: 2.0.6
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: EventMachine based, async HTTP Request client
 test_files:
@@ -258,6 +260,7 @@ test_files:
 - spec/pipelining_spec.rb
 - spec/redirect_spec.rb
 - spec/socksify_proxy_spec.rb
+- spec/spec_helper.rb
 - spec/ssl_spec.rb
 - spec/stallion.rb
 - spec/stub_server.rb